Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rmetzger
Staff
Staff

Created on ‎04-02-2013 07:52 AM Edited on ‎04-04-2022 01:35 PM By Anonymous

Article Id 191683

Technical Note: How to use the DNS translation feature

Description
The DNS translation feature available in the FortiOS firmware is designed to modify the DNS reply from a DNS server.

It is typically used to allow internal users of a network to access resources with their private IP addresses, hence can simplify the firewall configurations.

A network diagram is provided below with an example that illustrates on how to configure this feature.

 
In this example, the client sends a DNS resolution request to the DNS server 172.31.17.252 for resource "server1.lab.mycompany.com" . The DNS reply sent by the DNS server is 172.31.17.37 (this is the public IP address of "server1"), but the reply is translated on the FortiGate unit into 10.73.1.37, which is the private IP address of the same resource, "server1".


Scope

FortiOS version 4.00 MR2
FortiOS version 4.00 MR3
FortiOS version 5.0.x
 


Solution

rmetzger_dnstranslation5.png


Keywords:
config firewall dnstranslation
config system session-helper





31048
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.